CVE-2025-46752 — Log File Information Exposure in Fortinet Fortidlp

CWE-532 — Log File Information Exposure5 documents5 sources

Severity

4.4MEDIUMNVD

EPSS

0.0%

top 94.94%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fortinet Fortidlp Fortinet Fortidlp Agent

Timeline

PublishedOct 16

Description

A insertion of sensitive information into log file in Fortinet FortiDLP 12.0.0 through 12.0.5, 11.5.1, 11.4.6, 11.4.5 allows attacker to information disclosure via re-using the enrollment code.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:NExploitability: 1.8 | Impact: 2.5

Affected Packages2 packages

▶CVEListV5fortinet/fortidlp12.0.4 — 12.0.5+4

▶NVDfortinet/fortidlp_agent11.4.5 — 12.0.5

🔴Vulnerability Details

GHSA

GHSA-gw5c-576j-pf63: A insertion of sensitive information into log file in Fortinet FortiDLP 12↗2025-10-16

▶

CVEList

CVE-2025-46752: A insertion of sensitive information into log file in Fortinet FortiDLP 12↗2025-10-16

▶

📋Vendor Advisories

Fortinet

A insertion of sensitive information into log file in Fortinet FortiDLP 12.0.0 through 12.0.5, 11.5.1, 11.4.6, 11.4.5 al...↗2025-10-16

▶

Microsoft

An issue was discovered in FRRouting FRR through 9.0.1. It mishandles malformed MP_REACH_NLRI data leading to a crash.↗2023-10-10

▶